MA-009.051999: Russian New Year Attack: Excel 97 CALL Vulnerability
Original Issue Date:
1.0 DESCRIPTION
1.1 Overview
The Russian New Year Attack is a security exploit that is triggered through Excel's CALL function. Microsoft Excel in Office 97 has a function named CALL which allows an external executable to be initiated, and this function is vulnerable. The vulnerability could be exploited so that an Excel spreadsheet can be used to copy files and execute programs.
1.2 Limitation
It only affected Microsoft Excel 97, Service Release 2 (SR-2), with CALL enabled.
1.3 Functionality
The CALL function in Excel calls procedures in external dynamic link libraries (DLLs) from a worksheet. This is permitted in Excel, but it is possible for CALL to invoke an external DLL without the user knowing, which could be used for malicious purposes.
By taking advantage of this vulnerability, a person can launch an attack such as transferring files and executing programs on your machine.
2.0 POSSIBLE STEPS
2.1 Detection
To verify the Excel version that you are using, click About Microsoft Excel on the Excel Help menu. If you are running Microsoft Excel 97 SR-2, your Microsoft Excel is exposed to this vulnerability.
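As a complement to the version check, the following added example (not part of the original advisory) flags worksheet formulas that use CALL and reports the DLL and procedure they name. It assumes the formulas have already been exported as text into a cell-to-formula mapping; the function names, `example.dll`, `ExampleProc` and the sample cells are constructed placeholders.

```python
import re

# Token: string literal (quotes doubled to escape), identifier, whitespace, or one other character.
TOKEN = re.compile(r'"(?:[^"]|"")*"|[A-Za-z_][A-Za-z0-9_.]*|\s+|.', re.S)

def literal(arg):
    """Return the text of an argument that is a single string literal, else None."""
    if len(arg) == 1 and len(arg[0]) >= 2 and arg[0].startswith('"'):
        return arg[0][1:-1].replace('""', '"')
    return None

def split_args(toks, start):
    """Split the tokens after an opening parenthesis into top-level arguments."""
    args, cur, depth = [], [], 0
    for tok in toks[start:]:
        if tok == ")" and depth == 0:
            break
        if tok in (",", ";") and depth == 0:   # ";" is the separator in some locales
            args.append(cur)
            cur = []
            continue
        depth += (tok == "(") - (tok == ")")
        cur.append(tok)
    return args + [cur]

def find_call_usage(formula):
    """Return (module, procedure) for every CALL(...) in one formula."""
    toks = [t for t in TOKEN.findall(formula) if not t.isspace()]
    hits = []
    for i, tok in enumerate(toks[:-1]):
        if tok.upper() == "CALL" and toks[i + 1] == "(":
            first_two = (split_args(toks, i + 2) + [[], []])[:2]
            hits.append(tuple(literal(a) for a in first_two))
    return hits

def scan_sheet(cells):
    """cells maps a cell reference to its formula text."""
    return [(ref, mod, proc) for ref, f in cells.items()
            for mod, proc in find_call_usage(f)]

# Constructed sample: placeholder DLL and procedure names, not taken from any real file.
SAMPLE = {
    "A1": '=SUM(B1:B9)',
    "A2": '=CALL("example.dll","ExampleProc","J",B1)',
    "A3": '="type CALL(x) to continue"',
    "A4": '=RECALL(1)+IF(B2>0, call( C1 ; "Proc2" ), 0)',
}

if __name__ == "__main__":
    for finding in scan_sheet(SAMPLE):
        print(finding)
```

A value of `None` means the module or procedure is not a plain string literal (for example, it is read from another cell), so that formula needs manual review.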
2.2 Reaction:
One way to remove this exposure is to disable the automatic CALL function. Follow the steps below:
2.2.1 Download the patch file at
2.2.2 Then, select Run this program from its current location.
2.2.3 During the installation, answer Yes to the question "... Do you want to run the patch now?"
4.0 MORE INFORMATION
To obtain more information on this virus, please refer to the following sites:
4.1 http://www.finjan.com/rny/rny1.cfm
4.2 http://officeupdate.microsoft.com/downloadDetails/xl97cfp.htm
Last Update April 19, 2001